Privacy Policy
1. Who are we?
This is Holland B.V. hereinafter referred to as “This is Holland”, “we” or “us”, is the controller of the personal data collected through the website www.thisisholland.com and during visits to our attraction in Amsterdam.
This is Holland B.V. is registered in the Trade Register of the Dutch Chamber of Commerce. Questions about this Privacy Policy or about the processing of your personal data can be addressed to:
This is Holland B.V.
Overhoeksplein 51
1031 KS Amsterdam
Email: privacy@thisisholland.com
This Privacy Policy explains which personal data we process, why we do so, how long we retain data and what rights you have. Please read this policy carefully. We may update this policy from time to time; the most recent version can always be found on our website.
2. Which personal data do we process?
We may process the following categories of personal data:
2.1 Contact details
First name and surname
Email address
Telephone number, if provided
Postcode / place of residence, if provided
2.2 Transaction details
Ticket type and quantity
Visit date
Payment method and transaction reference, excluding full payment card details
Booking confirmation and booking number
2.3 Website and usage data
IP address and browser type
Pages visited and click behaviour
Searches carried out on the website
Cookie data; please also see our Cookie Policy
2.4 Communication data
Content of messages you send via our contact form or by email
Communication regarding complaints or requests
2.5 Marketing and preference information
Newsletter and marketing consents
Language preference
Responses to surveys or customer research
3. What do we use your data for?
We process your personal data for the following purposes and on the basis of the corresponding legal grounds:
3.1 Performance of a contract
Legal basis: performance of a contract, Article 6(1)(b) GDPR.
We process your data in order to:
Process and confirm your ticket purchase
Manage and amend your booking
Send you tickets and confirmations
Provide customer service in relation to your visit
3.2 Legal obligation
Legal basis: legal obligation, Article 6(1)(c) GDPR.
We retain certain transaction data in order to comply with accounting, tax and other legal obligations.
3.3 Legitimate interest
Legal basis: legitimate interest, Article 6(1)(f) GDPR.
We may process your data for:
Fraud prevention and the security of our systems and website
Analysis of website usage and improvement of our services
Reminders about an incomplete ticket purchase, provided you have consented to marketing communications
Handling questions and complaints
3.4 Consent
Legal basis: consent, Article 6(1)(a) GDPR.
Where you have given your explicit consent, we process your data for:
Sending newsletters and promotional emails
Personalised advertising via our website or external platforms
Placing non-essential cookies; please see our Cookie Policy
You can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out before consent was withdrawn.
4. How long do we retain your data?
We do not retain your personal data for longer than is necessary for the purposes for which it was collected, or for as long as required by applicable law:
Transaction and booking data: seven years, in accordance with statutory tax retention obligations
Customer communications: two years after the question or complaint has been resolved
Marketing data: until consent is withdrawn or you unsubscribe, with a maximum of three years after the last activity
Website and analytics data: in accordance with the retention periods set out in our Cookie Policy
5. Who do we share your data with?
We do not provide your personal data to third parties unless this is necessary for the provision of our services or required by law. We may share your data with:
5.1 Processors
We engage external parties that process personal data on our behalf on the basis of a data processing agreement, including:
Payment service providers, for processing ticket transactions
Ticketing platforms and reservation systems
Email marketing services, for sending newsletters
Website hosting and IT service providers
Analytics tools, such as Google Analytics
5.2 Legal obligation
We may provide your data to government bodies or supervisory authorities where we are legally obliged to do so or where this is necessary to enforce our rights.
5.3 No sale of data
We never sell your personal data to third parties.
6. International transfers
Some of our service providers are located outside the European Economic Area, EEA. Where personal data is transferred to countries outside the EEA, we ensure that appropriate safeguards are in place in accordance with the General Data Protection Regulation, GDPR. This includes, among other measures, the use of Standard Contractual Clauses, SCCs, adopted by the European Commission.
7. How do we protect your data?
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or disclosure. These measures include encryption of data transfers, HTTPS, access control and periodic security assessments.
8. Your rights
Under the GDPR, you have the following rights in relation to your personal data:
Right of access: you can request information about which personal data we process about you.
Right to rectification: you can have inaccurate or incomplete data corrected.
Right to erasure, also known as the right to be forgotten: you can request that your data be deleted, unless we are legally obliged to retain it.
Right to restriction of processing: in certain cases, you can request that the processing of your data be restricted.
Right to data portability: you have the right to receive your data in a structured, commonly used and machine-readable format.
Right to object: you can object to the processing of your data on the basis of legitimate interest or for direct marketing purposes.
Right to withdraw consent: where processing is based on consent, you can withdraw that consent at any time.
To exercise any of the above rights, please contact us at privacy@thisisholland.com. We will respond to your request within one month. In some cases, we may extend this period by up to two months, in which case we will inform you in good time.
9. Lodging a complaint
If you believe that we are not processing your personal data correctly, we ask that you contact us first. You also have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ The Hague
www.autoriteitpersoonsgegevens.nl
10. Cookies
Our website uses cookies and similar technologies. For detailed information about our use of cookies, the categories of cookies, retention periods and how you can manage your preferences, please refer to our Cookie Policy, available at www.thisisholland.com/policies/cookies/.
11. Changes to this Privacy Policy
We may amend this Privacy Policy from time to time to reflect changes in legislation, technology or our business operations. The most recent version is always available on our website. We recommend that you consult this policy regularly. We will actively communicate significant changes via the website or by email to registered users.
12. Contact
For questions about this Privacy Policy or about the processing of your personal data, please contact:
This is Holland B.V.
Overhoeksplein 51
1031 KS Amsterdam
Email: privacy@thisisholland.com
Website: www.thisisholland.com
Last updated: June 2026 | This is Holland B.V. | www.thisisholland.com